summaryrefslogtreecommitdiff
path: root/drivers
diff options
context:
space:
mode:
authorRoi Dayan <roid@mellanox.com>2014-02-04 16:54:54 +0200
committerRoland Dreier <roland@purestorage.com>2014-02-14 09:48:03 -0800
commit7d9eacf9457efc6b614665e1095336c11ad83f0d (patch)
tree0992c780cf2480cb3999f0b249be37161e849f91 /drivers
parent38dbfb59d1175ef458d006556061adeaa8751b72 (diff)
downloadkernel-common-7d9eacf9457efc6b614665e1095336c11ad83f0d.tar.gz
kernel-common-7d9eacf9457efc6b614665e1095336c11ad83f0d.tar.bz2
kernel-common-7d9eacf9457efc6b614665e1095336c11ad83f0d.zip
IB/iser: Avoid dereferencing iscsi_iser conn object when not bound to iser connection
Fix a possible NULL pointer dereference in disconnection flow. This can happen if the target disconnected/rejected the connection request, e.g before the binding stage between iscsi connection to the transport connection. Signed-off-by: Alex Tabachnik <alext@mellanox.com> Signed-off-by: Roi Dayan <roid@mellanox.com> Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/infiniband/ulp/iser/iser_verbs.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/drivers/infiniband/ulp/iser/iser_verbs.c b/drivers/infiniband/ulp/iser/iser_verbs.c
index afe95674008b..ca37edef2791 100644
--- a/drivers/infiniband/ulp/iser/iser_verbs.c
+++ b/drivers/infiniband/ulp/iser/iser_verbs.c
@@ -652,9 +652,13 @@ static int iser_disconnected_handler(struct rdma_cm_id *cma_id)
/* getting here when the state is UP means that the conn is being *
* terminated asynchronously from the iSCSI layer's perspective. */
if (iser_conn_state_comp_exch(ib_conn, ISER_CONN_UP,
- ISER_CONN_TERMINATING))
- iscsi_conn_failure(ib_conn->iser_conn->iscsi_conn,
- ISCSI_ERR_CONN_FAILED);
+ ISER_CONN_TERMINATING)){
+ if (ib_conn->iser_conn)
+ iscsi_conn_failure(ib_conn->iser_conn->iscsi_conn,
+ ISCSI_ERR_CONN_FAILED);
+ else
+ iser_err("iscsi_iser connection isn't bound\n");
+ }
/* Complete the termination process if no posts are pending */
if (ib_conn->post_recv_buf_count == 0 &&